Fable 5 Returns: Inside the 18-Day Export Control Dispute
Reviews Fable 5’s return after an 18-day export-control shutdown, covering the jailbreak report, CAISI review, stricter safety filters, and why enterprise AI needs model-agnostic routing and fallback.
On July 1, Anthropic announced that Claude Fable 5, its strongest publicly released model, had been restored to global access. Previously, due to an export control directive issued by the U.S. Department of Commerce, the model—together with its sister model Mythos 5—had been taken offline for nearly 18 days. This was also a highly symbolic event in recent years: a frontier model that had already been commercialized and released to market was temporarily halted due to national security review, and then returned after the regulator lifted the restrictions. The following is a structured review of what happened and what Anthropic did during the process.
To understand this episode, it is necessary to start with the two models. On June 9, Anthropic released Fable 5 and Mythos 5. The two models share the same underlying model: Fable 5 is the general-purpose version released for broader public use, with safety guardrails added; its capabilities are said to exceed those of any model Anthropic had previously made generally available, and the longer and more complex the task, the larger its lead over other models. Mythos 5, by contrast, has fewer guardrails and is a restricted version made available to cyber defenders and infrastructure providers, deployed in collaboration with the U.S. government through Project Glasswing. Early customer examples also emerged at launch. For instance, Stripe said Fable 5 compressed a codebase-wide migration involving a 50-million-line Ruby codebase into one day, whereas a manual estimate would have required more than two months.
The trigger for the controversy was a jailbreak report. Amazon researchers discovered a method for bypassing Fable 5’s safety guardrails: through specific prompts, the model could be made to identify several software vulnerabilities and, in one case, generate code demonstrating how the vulnerability could be exploited. The report was submitted to the U.S. government.
Timeline
June 2 — Before all of this, Trump signed an executive order establishing a “voluntary” pre-release review pathway for frontier models and a set of classified benchmarks for determining which models fall within the “controlled” scope. However, the order explicitly did not create a mandatory release-licensing regime. Notably, Fable 5 never went through this pathway.
June 9 — Fable 5 and Mythos 5 were officially released.
June 12, Friday — The U.S. Department of Commerce imposed export controls on the two models. The directive required Anthropic to cut off access for all foreign nationals, whether inside or outside the United States, including Anthropic’s own non-U.S. employees. Because the order took effect immediately and the company had no way to verify each user’s nationality in real time, Anthropic suspended access to both models for all users.
June 13–25 — During this period, enterprises and developers that had already integrated Fable 5 or Mythos 5 into their workflows were forced to roll back to older models such as Opus 4.8. Anthropic publicly objected, arguing that taking an important commercial model offline based only on a narrow jailbreak finding could “essentially halt all new model deployments for all frontier model providers.” At the same time, Anthropic worked with the U.S. government, Amazon, and other parties to review the report and the relevant evidence.
June 26 — The U.S. government allowed Anthropic to restore Mythos 5 access for approximately 100 trusted U.S. organizations, including cyber defense organizations, infrastructure providers, and federal agencies, partially reversing the June 12 order.
June 30 — Secretary of Commerce Howard Lutnick sent a letter lifting the export control licensing requirement for the two models. Before that, the Department of Commerce’s Center for AI Standards and Innovation (CAISI) had reviewed Anthropic’s safety measures.
July 1 — Fable 5 was restored globally across Claude.ai, Claude Platform, Claude Code, and Claude Cowork. Anthropic’s official account announced the update at 3:31 p.m. Eastern Time. Access on AWS, Google Cloud, and Microsoft Foundry will also be re-enabled “as quickly as possible.”
What Anthropic Did During This Period
Viewed separately, Anthropic’s actions can be grouped into several categories.
First, it complied by taking the models offline while publicly making its case. Faced with the practical impossibility of verifying users’ nationalities in real time, Anthropic chose to suspend access for all users to satisfy the export control requirement. At the same time, it did not simply accept the restriction in silence. It publicly questioned whether the basis for the directive was too narrow and warned that the move could have spillover effects on the deployment pace of frontier models across the industry.
Second, it used testing evidence to challenge the claim of “unique capability.” After reviewing the evidence with the government and Amazon, Anthropic conducted a round of comparative testing. Its conclusion was that multiple less capable models—including Opus 4.8, GPT-5.5, and Kimi K2.7—could identify the same vulnerabilities mentioned in the report. In the step involving a demonstration of how to exploit the vulnerability, every model Anthropic tested produced the same result as Fable 5. In other words, the behavior described in the report did not reflect a unique Mythos-level capability. It looked more like routine defensive cybersecurity work.
Third, it trained a targeted safety classifier. Working closely with the government, Anthropic trained a new safety filter, or classifier, specifically designed to identify and block the technique described in the report. According to the June 30 update, the classifier blocks that technique in more than 99% of cases. Blocked requests are redirected to the less capable Opus 4.8 model; users receive a notice and are not charged at Fable pricing. The trade-off is that false positives will increase in normal programming and debugging tasks.
Fourth, it accepted official review and made a series of institutional commitments. Before the controls were lifted, CAISI reviewed Anthropic’s safety measures. Anthropic also launched a HackerOne program for researchers to report new Fable 5 jailbreaks; committed to providing designated government partners with earlier opportunities to test future frontier models; and formed a 24/7 team to monitor jailbreak reports. For the most severe cases, such as jailbreaks that could threaten power grids or banking systems, Anthropic said it would begin deploying mitigations as soon as severity is confirmed. In addition, together with Glasswing partners including Amazon, Microsoft, and Google, Anthropic proposed developing an industry-wide framework for scoring jailbreak severity.
What Fable 5 Looks Like After Its Return
One point requires attention: the Fable 5 that has returned is not exactly the same as the original version. It is a version that has been tightened “out of an abundance of caution.” The safety classifier is now stricter, which means that in routine tasks such as coding and debugging, users are more likely to encounter situations where the model judges a request to be risky and falls back to Opus 4.8. This will not happen for the vast majority of tasks, but the trigger probability is indeed higher than before.
In terms of access and pricing, Fable 5 is priced at $10 per million input tokens and $50 per million output tokens. Prompt caching continues to receive a 90% input discount. Workloads requiring inference inside the United States can use U.S.-only inference at 1.1× the price. For Pro, Max, Team, and select Enterprise plans, Fable 5 counts for up to 50% of weekly usage limits until July 7, after which it will be available through usage credits. Standard Enterprise seats do not include a Fable 5 allowance and must enable credits to use it.
The release of frontier models is increasingly moving away from a normal product launch and toward a form of “negotiated deployment” shaped by U.S. national security review. One telling detail is that the June 2 executive order had already created a voluntary review pathway, yet the government in this case used the heavier tool of export controls rather than that pathway. For enterprise technology leaders, this roller-coaster regulatory cycle is also pushing one architectural trend: the shift toward model-agnostic fallback architectures. Through a proxy layer, enterprises can dynamically switch critical production workflows from proprietary APIs to locally deployed open-weight alternatives when necessary, thereby hedging against future regulatory supply cutoffs.